Thailand: Visa launches new cybersecurity measures

Visa, the global provider of digital payments, has implemented a series of new payment security measures in Thailand to help fight cybercrime, protect the payments ecosystem, and keep consumers and businesses safe.

The new security measures are part of Visa’s updated “Security Roadmap for Thailand”, which is designed to provide enhanced protection for transactions made online and at physical retailers, according to Pipavin Sodprasert, country manager for Visa Thailand.

Ms Pipavin said over the past five years, the company has invested US$9 billion globally to boost cybersecurity and combat fraud.

Visa uses artificial intelligence data-driven solutions to identify, investigate, disrupt, and prevent attacks targeting the global payments ecosystem, providing strategic security expertise and comprehensive protection against emerging security threats.

One of its solutions, Visa Advanced Authorisation, analyses more than 500 data elements to generate a risk score for each transaction, a move that helped banks prevent an estimated $26 billion in fraud globally in fiscal 2021.

With Southeast Asian consumers living increasingly digital lifestyles, the use of biometrics, such as fingerprint or facial recognition, and digital identities, proving who people are online, are growing in popularity, Ms Pipavin said.

Visa’s updated Security Roadmap outlines the steps Visa will be taking across key areas to continue to secure the payments ecosystem in Thailand, including driving adoption of secure technologies and securing digital-first payment experiences.

It also includes stopping enumeration attacks and preventing consumers and businesses from becoming victims of scams.

Joe Cunningham, regional risk officer for Asia-Pacific at Visa, said the roadmap focuses on four strategic pillars, including devaluing data by removing sensitive payments data from external platforms, and making stolen account details useless.

It also focuses on protecting data by implementing safeguards to protect personal data as well as account details.

The roadmap emphasises harnessing data to identify potential fraud before it occurs and increases confidence in approving good transactions.

The fourth pillar is empowering everyone, including account holders and merchants, to play an active role in securing payments, such as transaction alerts and spending controls.

Mr Cunningham said digital commerce has become more important than ever, and even before Covid-19 Visa saw a huge acceleration in consumers going online, which continued throughout the pandemic.

Consumers and merchants, especially small and medium-sized businesses, quickly established an online presence to survive because of lockdowns and other restrictions during the global pandemic.

In Thailand, the past four years have seen progress in the adoption of Visa’s global secure payment technology, he said.

One such move has been the adoption of the Visa Token service, which replaces sensitive account information, such as the 16-digit account number, with a unique digital identifier called a token.

The token allows payments to be processed without exposing actual account details that could potentially be compromised.

Mr Cunningham said he hopes to see more tokens being adopted in Thailand.

Visa also observed two fraud types in Thailand and throughout the Asia-Pacific region.

One is the enumeration attack, which is when a fraudster tries to use brute-force techniques to guess cardholders’ credentials, such as the 16-digit credit card number, expiry date, and CVV2 — the three-digit number on the back of credit card — by attempting thousands of small transactions through online merchant websites.

An approved authorisation response is an indicator to the fraudster that they obtained a combination of valid payment credentials.

Successfully tested payment credentials are then sold to other criminals to commit fraud.

The other fraud is a scam attack, which is usually carried out by sending a phishing link via text message or email disguised as being from a bank or financial services company.

Once people click those links, they are directed to a fraudulent website to try to acquire their payment credentials, such as bank account or credit card information.

Mr Cunningham said if these attacks are a virus, Visa has the vaccine to detect and block the transaction before it gets to banks, thereby protecting consumers and merchants from becoming the victims of cybercriminals.